vulnerability | International | BleepingComputer

Critical RCE flaw impacts over 115,000 WatchGuard firewalls

Monday, December 22, 2025

What

A vulnerability in WatchGuard Firebox firewalls allows unauthenticated attackers to execute code remotely, particularly on devices using IKEv2 VPN configurations. Although patches have been released, many devices remain unpatched and exposed online, leading to significant security risks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has directed federal agencies to patch their devices promptly because exploitation of this vulnerability is ongoing.

Where

Global, with a significant number of affected devices located in North America and Europe.

When

The vulnerability was reported on December 22, 2025, with a patch released the same day. CISA's directive requires federal agencies to patch devices by December 26, 2025.

Key Factors

  • CVE-2025-14733 allows unauthenticated remote code execution.
  • The vulnerability is primarily exploitable when IKEv2 VPN is configured.
  • Over 124,000 Firebox devices were found exposed online, with many remaining unpatched.

Takeaways

  • Organizations must prioritize patching critical vulnerabilities to prevent exploitation.
  • The incident highlights the ongoing cybersecurity risk posed by unpatched network devices.
  • Immediate action is required to mitigate risks associated with known vulnerabilities.